8293858: Change PKCS7 code to use default SecureRandom impl instead o…

…f SHA1PRNG Backport-of: 2157145766f9789ade0940e9ae1715a3b74d508b
openjdk · Jun 19, 2023 · 2cc4596 · 2cc4596 · openjdk-notifier · Jun 19, 2023
1 parent c1f759e
commit 2cc4596
Showing 1 changed file with 4 additions and 22 deletions.
diff --git a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
@@ -36,6 +36,7 @@
 import java.security.cert.CertificateFactory;
 import java.security.*;
 
+import sun.security.jca.JCAUtil;
 import sun.security.timestamp.*;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
@@ -69,23 +70,6 @@ public class PKCS7 {
 
     private Principal[] certIssuerNames;
 
-    /*
-     * Random number generator for creating nonce values
-     * (Lazy initialization)
-     */
-    private static class SecureRandomHolder {
-        static final SecureRandom RANDOM;
-        static {
-            SecureRandom tmp = null;
-            try {
-                tmp = SecureRandom.getInstance("SHA1PRNG");
-            } catch (NoSuchAlgorithmException e) {
-                // should not happen
-            }
-            RANDOM = tmp;
-        }
-    }
-
     /*
      * Object identifier for the timestamping key purpose.
      */
@@ -885,11 +869,9 @@ private static byte[] generateTimestampToken(Timestamper tsa,
         }
 
         // Generate a nonce
-        BigInteger nonce = null;
-        if (SecureRandomHolder.RANDOM != null) {
-            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
-            tsQuery.setNonce(nonce);
-        }
+        BigInteger nonce = new BigInteger(64, JCAUtil.getDefSecureRandom());
+        tsQuery.setNonce(nonce);
+
         tsQuery.requestCertificate(true);
 
         TSResponse tsReply = tsa.generateTimestamp(tsQuery);